Solved

the worm got me ....

Posted on 2001-07-30
8
196 Views
Last Modified: 2013-12-28
Windows98se, Norton SystemWorks 2001, last definition dated 7/25/01.  Norton's automatic system guard caught an infected c:\windows\system\SCan32.exe file with the w32.sircam.worm@mm.virus. The problem is that this file will not delete, will not repair, will not go away. I have renamed it, moved it, quarantined it and tried to repair it but it is still there - and will not allow the system to boot execpt into safe mode.    
Any ideas on how to get rid of this virus and go on with life?
0
Comment
Question by:waco
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 25

Expert Comment

by:dew_associates
ID: 6336569
Waco,

Here's a URL to the tool need to fix this:

http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.removal.tool.html

Dennis

PS: Here's some additional info from McAfee

http://dispatch.mcafee.com/dispatches/sir_cam/
0
 
LVL 2

Expert Comment

by:Adih
ID: 6337313
the tool dew referred you too attempts to delete the infected files and then removes all changes in registry and such, but note that after restart u should check for the file - if its there infected or if its missing,
run sfc from the command line to recover all lost/damaged system files.

i suspect this will also get rid of the infected file but be sure to run the program that u were referred to by dew in order to fix all damages.

good luck, adi.
0
 
LVL 14

Accepted Solution

by:
Don Thomson earned 200 total points
ID: 6337482
The SirCam Virus installs itsel;f in the system registry to load everytime you try and run an EXE  file. Load regedit (if it won't load - rename the regedit.exe to regedit.com first)

In the first group, HKEY_CLASSES_ROOT  goto exefile open to Shell/open/command  if the virus is stil active you will see the value as "C:\recycled\Sircam.exe""%1"%*
Change it to just "%1"%*

Close registry

This will stop it from executing every time you try and run anything. Make sure that the Recyled folder in no excluded in any of you Virus programs. Set Vscan to auto clean - not prompt or quarantine.

Then run SFC to check for damaged system files
0
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

 

Expert Comment

by:deroth
ID: 6337737
I also found an entry in the autoexec on several cases of this.   Be sure it is deleted from the autoexec if it is in there.  It was calling for the startup of sircam.exe as it does in the registry.   I also found the sfc repair was essential to get it totally cleaned out. Agree with all the above.
0
 
LVL 18

Expert Comment

by:centerv
ID: 6338983
The tool did not work for me.  Win ME
Could not recognize that the restore option was shut down.

Did remove manually following procedure.

http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html
0
 

Author Comment

by:waco
ID: 6347247
Thanks all - it gets worse. There may be a dual problem here, one with the virus and the other with Norton's System Works 2001. The system is halted during boot up by the Norton (DOS looking) screen warning of the attack and offering several choices, delete file, skip, quarantine, etc., but whatever option is chosen results in a blank black screen and a system freeze. I am now told that the floppie does not work so I cannot use the cure via a disk. I can however get into safe mode but cannot run the dial up from there to download. Is there a manual step_by_step procedure out there?
0
 

Author Comment

by:waco
ID: 6347273
Thanks all - it gets worse. There may be a dual problem here, one with the virus and the other with Norton's System Works 2001. The system is halted during boot up by the Norton (DOS looking) screen warning of the attack and offering several choices, delete file, skip, quarantine, etc., but whatever option is chosen results in a blank black screen and a system freeze. I am now told that the floppie does not work so I cannot use the cure via a disk. I can however get into safe mode but cannot run the dial up from there to download. Is there a manual step_by_step procedure out there?
0
 
LVL 18

Expert Comment

by:centerv
ID: 6350483
check the above link and scroll down to
MANUAL REMOVAL
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question